Secure

Not All Datacenters Are Alike

Datacenter Certifications

Medfluent takes your data and privacy seriously. We have partnered with one of the largest, most secure datacenters across the globe. We have listed a subset of certifications here to demonstrate our range of expertise. We are compliant with all regulations and certified in all relevant areas. That way you not only have great service and support, but you’ll have peace of mind knowing that we cover all aspects of your security and privacy requirements.

HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was created by the federal government to protect patients’ private information. HIPPA is directed towards healthcare professionals who have access to patient information, such as doctors, office workers, technicians, and healthcare managers.

NIST
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency under the Department of Commerce. NIST's mission is to provide certified, standard reference materials in order to maintain measurement traceability in the U.S. NIST only certifies products that have been tested against standard reference materials and have met their specific requirements. Our datacenters have implemented NIST’s tailored set of baseline security controls, documentation requirements, and Federal Information System Controls Audit Manual (FISCAM) control audit methodologies required under the Federal Information Security Management Act.

Safe Harbour
The European Commission’s directive on Data Protection prohibits transferring personal data to non-European Union countries that do not meet the European Union’s standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy than the European Union. The U.S. Department of Commerce, in cooperation with the European Commission, developed the Safe Harbor framework to bridge their different privacy approaches. This allows companies based in the United States to comply with European Union privacy requirements.

We have been awarded TRUSTe's Privacy Seal, which means that TRUSTe has reviewed our privacy policy and practices and they are compliant with TRUSTe's requirements for transparency, accountability, and choice in the collection and use of personal information.

LEED
The Leadership in Energy and Environmental Design (LEED) certification was launched in March 2000 by the U.S. Green Building Council. They provide third-party verification that a building has been designed and/or built using strategies to improve energy savings, water efficiency, CO2 emissions, and indoor environmental quality.

Our LEED certified datacenters use design methodologies, power and cooling strategies, and airflow optimization strategies that are 50% more power efficient when compared to traditional datacenters. These standards meet the requirements of the European Commission’s “Sustainable Consumption and Production Policies.”

SSAE 16
The Statement for Standards for Attestation Engagements (SSAE) No. 16 enhances the SAS 70 standard which governs controls at a service organization. Our datacenters adhere to SSAE 16 to keep up to date with new international standards.

SAS 70 Type 2
Our datacenters adhere to the Statement on Auditing Standards (SAS) 70 rules for a service organization. Our datacenters provide the added assurance of Type II reporting, which tests the control and operating effectiveness over time. In addition, our datacenters have implemented a Control Objectives for Information and Related Technologies (COBIT) framework, which is especially useful for the internal control reporting requirements specified in Sarbanes-Oxley Act of 2002.

SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). Successfully passing a SAS 70 Audit means that a service organization has been through an in-depth audit of their control objectives and control activities. Service organizations or service providers must demonstrate that they have adequate controls and safeguards when they host or process their customers’ data.